CLAIMS

What is claimed is:

A system comprising:

a plurality of certificate authorities (CAs) in which each CA maintains and distributes digital certificates revoked by itself in the form of a certificate revocation list (CRL), and different CAs may use different CRL distribution mechanisms;

a plurality of CRL databases for storing the consolidated CRLs from multiple CRL retrieval agents and/or the replications of CRLs; and

a CRL access user interface for providing a uniform set of APIs for user's accessing the CRLs CRL databases, said system enabling consolidation and access of the certificate revocation list (CRL).

2. A system according to claim 1, wherein said plurality of CRL databases include a central CRL database and a plurality of CRL replication databases, said central CRL database for storing the consolidated CRLs from the multiple CRL retrieval agents, and said plurality of CRL replication databases for storing the replications of the CRLs of the central CRL database.

3. A system according to claim 1, wherein said plurality of CRL retrieval agents include a LDAP/CRL retrieval agent, for periodically retrieving CRLs from specified LDAP servers and updating the CRL databases.

4. A system according to claim 1, wherein said plurality of CRL retrieval agents include a HTTP/CRL retrieval agent, for periodically retrieving CRLs from specified HTTP servers and updating the CRL database.

5. A system according to claim 1, wherein said plurality of CRL retrieval agents include a RFC1424/CRL retrieval agents, for periodically sending RFC1424/CRL retrieval request and receiving CRL retrieval reply.

6. A system according to claim 1, wherein said plurality of CRL retrieval agents include a Http receiver agent triggered by a HTTP request, said Http receiver agent verifies an authorization of the requester, if successful, said agent stores each transmitted CRL in the CRL databases.

7. A system according to claim 1, wherein said plurality of CRL retrieval agents further verifies the integrity and the authenticity of the retrieved CRLs.

8. A system according to claim 1, wherein a particular replication architecture is used among said plurality of CRL databases in order to maintain database consistency.

9. A system according to claim 2, wherein a hub-and-spoke replication architecture is used among said central CRL database and said plurality of CRL replication databases.

10. A system according to claim 1, wherein said system is also adapted for consolidating and accessing at least one kind of black list.

11. In a secure network implemented by digital certificates, a method for certificate revocation list (CRL) consolidation and access, wherein a plurality of certificate authorities (CAs) maintain and distribute the digital certificates revoked by themselves in the form of CRLs, and different CAs may use different CRL distribution mechanisms, said method comprising the steps of:

creating a plurality of CRL retrieval agents based on the CRL distribution mechanisms of CAs, for consolidating the CRLs from multiple CAs;

storing the consolidated CRLs from multiple CRL retrieval agents or the replications of CRLs into a plurality of CRL databases; and

accessing the CRLs from the CRL databases by a uniform set of APIs.

12. A method according to claim 11, said plurality of CRL databases include a central CRL database and a plurality of CRL replication database, said central CRL database for storing the consolidated CRLs from multiple CRL retrieval agents and said plurality of CRL replication database for storing the replications of the CRLs of the central database.

13. A method according to claim 11, wherein said method is also adapted for consolidating and accessing all kinds of black lists.

14. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for causing certificate revocation list (CRL) consolidation and access, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect the steps of claim 11.

15. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing certificate revocation list (CRL) consolidation and access, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the steps of claim 11.

A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for certificate revocation list (CRL) consolidation and access, said method steps comprising the steps of claim 11.



A method comprising:

employing a secure network implemented by digital certificates for certificate revocation list (CRL) consolidation and access, with a plurality of certificate authorities (CAs) maintaining and distributing the digital certificates revoked by themselves in the form of CRLs, wherein different CAs may use different CRL distribution mechanisms, including the steps of:

creating a plurality of CRL retrieval agents based on the CRL distribution mechanisms of CAs, for consolidating the CRLs from multiple CAs;

storing the consolidated CRLs from multiple CRL retrieval agents or the replications of CRLs into a plurality of CRL databases; and

accessing the CRLs from the CRL databases by a uniform set of APIs.

A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for certificate revocation list (CRL) consolidation and access, said method steps comprising the steps of claim 18.

An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for causing certificate revocation list (CRL) consolidation and access, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect the steps of claim 18.

A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing certificate revocation list (CRL) consolidation and access, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the steps of claim 18.
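
The method of claim 11, together with the verification of claim 7 and the central/replica split of claim 2, sketched as an added example that is not part of the patent text. The class and function names, the constructed keys and agents, the HMAC tag standing in for a CA signature, and the CRL-number check that rejects stale CRLs are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Crl:                       # simplified stand-in for an X.509 CRL
    issuer: str
    number: int                  # increases with every CRL the CA issues
    revoked: frozenset           # serial numbers of revoked certificates
    tag: bytes                   # HMAC stand-in for the CA's signature

def _tag(key, issuer, number, revoked):
    body = f"{issuer}|{number}|{sorted(revoked)}".encode()
    return hmac.new(key, body, hashlib.sha256).digest()
def sign_crl(key, issuer, number, revoked):
    return Crl(issuer, number, frozenset(revoked), _tag(key, issuer, number, revoked))

class CrlDatabase:               # a central instance pushes accepted CRLs to replicas
    def __init__(self, ca_keys, replicas=()):
        self.ca_keys, self.replicas, self.crls = ca_keys, list(replicas), {}

    def store(self, crl):
        key = self.ca_keys.get(crl.issuer)
        if key is None or not hmac.compare_digest(
                _tag(key, crl.issuer, crl.number, crl.revoked), crl.tag):
            return False                                  # unknown CA or bad tag
        current = self.crls.get(crl.issuer)
        if current is not None and crl.number <= current.number:
            return False                                  # stale or replayed CRL
        self.crls[crl.issuer] = crl
        for replica in self.replicas:                     # replicas re-verify
            replica.store(crl)
        return True

    def is_revoked(self, issuer, serial):                 # uniform access API
        if issuer not in self.crls:
            raise LookupError(f"no CRL held for {issuer}")  # fail closed
        return serial in self.crls[issuer].revoked

def consolidate(agents, db):
    """Run every retrieval agent; return how many CRLs the store accepted."""
    return sum(db.store(crl) for agent in agents for crl in agent())

KEYS = {"CA-A": b"constructed-key-a", "CA-B": b"constructed-key-b"}  # constructed
def ldap_agent():                # stands in for an LDAP/CRL retrieval agent
    return [sign_crl(KEYS["CA-A"], "CA-A", 7, {101, 102})]
def http_agent():                # stands in for an HTTP/CRL retrieval agent
    return [sign_crl(KEYS["CA-B"], "CA-B", 3, {500}),
            sign_crl(b"not-the-ca-key", "CA-A", 9, set())]  # forged CRL
```

A relying party that gets LookupError from is_revoked has no revocation data for that CA and should not treat the certificate as good.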